On Tue, 9 Aug 2016 08:57, ndk.cla...@gmail.com said: > If GnuPG supported PKCS#11 it would open a whole new world, like the > ability to use generic cards.
Nope. That is entirely unrelated. PKCS#11 is a clumsy standard to allow the use of proprietary cards using proprietary middleware/drivers/whatever_they_call_it. If you have an open specification for a card you can easily write the required glue code and add it to scdaemon. You may also use a PKCS#15 card and scdaemon would work just fine with it - if there would not be so many different flavors of that standard. Using more that one card is more of an organisational problem. 10 years ago or so I did some tests and it basically worked. However, back then it was hard enough to convince people to buy just _one_ reader and thus I dropped all efforts to make multipe reader/card support well working. It is also questionable whether having two cards plugged in is a good idea: You increase the attack surface and malware can make use of any of those cards. This makes it hard for a user to notice unexpected use of a card. >From a practical point of view I would love to see support for two cards: When doing a release I have to swap my cards for commit signatures and release signatures all the time. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. /* Join us at OpenPGP.conf <https://openpgp-conf.org> */ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
